azurermIotSecuritySolution

Manages an iot security solution.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermIothubExample = new azurerm.iothub.Iothub(this, "example_1", {
  location: azurermResourceGroupExample.location,
  name: "example-IoTHub",
  resource_group_name: azurermResourceGroupExample.name,
  sku: [
    {
      capacity: "1",
      name: "S1",
    },
  ],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIothubExample.overrideLogicalId("example");
const azurermIotSecuritySolutionExample =
  new azurerm.iotSecuritySolution.IotSecuritySolution(this, "example_2", {
    display_name: "Iot Security Solution",
    iothub_ids: [azurermIothubExample.id],
    location: azurermResourceGroupExample.location,
    name: "example-Iot-Security-Solution",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIotSecuritySolutionExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

name - (Required) Specifies the name of the Iot Security Solution. Changing this forces a new resource to be created.
resourceGroupName - (Required) Specifies the name of the resource group in which to create the Iot Security Solution. Changing this forces a new resource to be created.
location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
displayName - (Required) Specifies the Display Name for this Iot Security Solution.
iothubIds - (Required) Specifies the IoT Hub resource IDs to which this Iot Security Solution is applied.
additionalWorkspace - (Optional) A additionalWorkspace block as defined below.
disabledDataSources - (Optional) A list of disabled data sources for the Iot Security Solution. Possible value is twinData.
enabled - (Optional) Is the Iot Security Solution enabled? Defaults to true.
eventsToExport - (Optional) A list of data which is to exported to analytic workspace. Valid values include rawEvents.
logAnalyticsWorkspaceId - (Optional) Specifies the Log Analytics Workspace ID to which the security data will be sent.
logUnmaskedIpsEnabled - (Optional) Should IP addressed be unmasked in the log? Defaults to false.
recommendationsEnabled - (Optional) A recommendationsEnabled block of options to enable or disable as defined below.
queryForResources - (Optional) An Azure Resource Graph query used to set the resources monitored.
querySubscriptionIds - (Optional) A list of subscription Ids on which the user defined resources query should be executed.
tags - (Optional) A mapping of tags to assign to the resource.

The additionalWorkspace block supports the following:

dataTypes - (Required) A list of data types which sent to workspace. Possible values are alerts and rawEvents.
workspaceId - (Required) The resource ID of the Log Analytics Workspace.

A recommendationsEnabled block supports the following:

acrAuthentication - (Optional) Is Principal Authentication enabled for the ACR repository? Defaults to true.
agentSendUnutilizedMsg - (Optional) Is Agent send underutilized messages enabled? Defaults to true.
baseline - (Optional) Is Security related system configuration issues identified? Defaults to true.
edgeHubMemOptimize - (Optional) Is IoT Edge Hub memory optimized? Defaults to true.
edgeLoggingOption - (Optional) Is logging configured for IoT Edge module? Defaults to true.
inconsistentModuleSettings - (Optional) Is inconsistent module settings enabled for SecurityGroup? Defaults to true.
installAgent - (Optional) is Azure IoT Security agent installed? Defaults to true.
ipFilterDenyAll - (Optional) Is Default IP filter policy denied? Defaults to true.
ipFilterPermissiveRule - (Optional) Is IP filter rule source allowable IP range too large? Defaults to true.
openPorts - (Optional) Is any ports open on the device? Defaults to true.
permissiveFirewallPolicy - (Optional) Does firewall policy exist which allow necessary communication to/from the device? Defaults to true.
permissiveInputFirewallRules - (Optional) Is only necessary addresses or ports are permitted in? Defaults to true.
permissiveOutputFirewallRules - (Optional) Is only necessary addresses or ports are permitted out? Defaults to true.
privilegedDockerOptions - (Optional) Is high level permissions are needed for the module? Defaults to true.
sharedCredentials - (Optional) Is any credentials shared among devices? Defaults to true.
vulnerableTlsCipherSuite - (Optional) Does TLS cipher suite need to be updated? Defaults to true.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

id - The ID of the Iot Security Solution resource.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Iot Security Solution.
update - (Defaults to 30 minutes) Used when updating the Iot Security Solution.
read - (Defaults to 5 minutes) Used when retrieving the Iot Security Solution.
delete - (Defaults to 30 minutes) Used when deleting the Iot Security Solution.

Import

Iot Security Solution can be imported using the resourceId, e.g.

terraform import azurerm_iot_security_solution.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Security/iotSecuritySolutions/solution1